As anti-malware systems become better at identifying malicious executable files, malware is more frequently being distributed in non-executable, content-based files that are processed or loaded by application programs. For example, malware is often disguised as content in PDF or other types of media and/or document files, which are opened by specific applications (e.g., Adobe Reader®, Microsoft Word®, Apple Quick Time®, etc.). Frequently, content-based malware infects computers by causing the processing application to run malicious active content, such as JavaScript. This type of malware leverages vulnerabilities in content formats as well as user ignorance to distribute itself and infect computers in this manner. As a specific example, there has recently been a large increase in the amount of malware distributed in PDF files. Due to the complexity of these formats and attack type, such malware often evades traditional signature based detection. It would be desirable to address these issues.